7e0a4f40aaf10c411ced9b097b12a06e7d78f00c6b329a07547ad842f2391f60

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
05/08/2024, 22:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

192f1508ce9f2b6d61cd163da10608d0N.exe
Size

110KB
MD5

192f1508ce9f2b6d61cd163da10608d0
SHA1

e2f5c0a190fb22a3a17e54e61200d04cd60404e2
SHA256

7e0a4f40aaf10c411ced9b097b12a06e7d78f00c6b329a07547ad842f2391f60
SHA512

4099f201b3ce07bb4cdc3c1a3fbc547626481122730ea490edadba0efc9a863e1c86ecc0e09ee090ef22978e30d1a7d3b81cbd5b25e468bbfeb67303d0739312
SSDEEP

3072:6e7WpMaxeb0CYJ97lEYNR73e+eKZOf7fYxw:RqKvb0CYJ973e+eKZOf7ft

Score

9^/10

discovery ransomware

Malware Config

Signatures

Renames multiple (2945) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Antarctica\Palmer.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ast\LC_MESSAGES\vlc.mo.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\bin\ssv.dll.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\de-DE\chkrzm.exe.mui.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\Bear_Formatted_RGB6_PAL.wmv.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\net.dll.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-lib-profiler-charts.xml.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Net.Resources.dll.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\ShapeCollector.exe.mui.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\15x15dot.png.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\Welcome.html.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssve.xml.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.operations.nl_zh_4.4.0.v20140623020002.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-modules-keyring-impl.xml.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\xjc.exe.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.intro.nl_zh_4.4.0.v20140623020002.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Common Files\System\Ole DB\oledb32r.dll.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\HueCycle\NavigationLeft_ButtonGraphic.png.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.core.contenttype_3.4.200.v20140207-1251.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Microsoft Games\FreeCell\desktop.ini.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Microsoft Games\Solitaire\en-US\Solitaire.exe.mui.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Common Files\System\ado\es-ES\msader15.dll.mui.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Common Files\System\msadc\adcvbs.inc.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javac.exe.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.repository.nl_ja_4.4.0.v20140623020002.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Ho_Chi_Minh.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\unpack200.exe.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\North_Dakota\Beulah.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.renderers.swt_0.12.1.v20140903-1023.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Pacific\Chatham.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Microsoft Games\Multiplayer\Checkers\es-ES\chkrzm.exe.mui.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.resources.dll.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\BabyGirl\button-highlight.png.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\Etc\GMT+2.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\schema\triggerConstraints.exsd.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\PST8.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_ja_4.4.0.v20140623020002.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\bin\jfxwebkit.dll.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\es-ES\TipRes.dll.mui.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipsrus.xml.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\zh-CN\tipresx.dll.mui.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\com-sun-tools-visualvm-api-caching.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Riyadh87.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\7-Zip\7z.sfx.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\main\base_rtl.xml.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\OldAge\NavigationLeft_ButtonGraphic.png.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.jface_3.10.1.v20140813-1009.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ca\LC_MESSAGES\vlc.mo.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Common Files\System\es-ES\wab32res.dll.mui.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationLeft_ButtonGraphic.png.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Push\NavigationUp_ButtonGraphic.png.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\classfile_constants.h.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Campo_Grande.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.ssl.feature_1.0.0.v20140827-1444\feature.xml.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\lib\derbyLocale_it.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.w3c.css.sac_1.3.1.v200903091627.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-modules-sampler.xml.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Chicago.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Pyongyang.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\7-Zip\Lang\an.txt.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\management\management.properties.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\modules\locale\com-sun-tools-visualvm-core_zh_CN.jar.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Noronha.tmp	192f1508ce9f2b6d61cd163da10608d0N.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	192f1508ce9f2b6d61cd163da10608d0N.exe

C:\Users\Admin\AppData\Local\Temp\192f1508ce9f2b6d61cd163da10608d0N.exe
"C:\Users\Admin\AppData\Local\Temp\192f1508ce9f2b6d61cd163da10608d0N.exe"
1⤵
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
PID:1700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1506706701-1246725540-2219210854-1000\desktop.ini.tmp

Filesize
110KB

MD5
ce47e2b8dac09ab92d55b13b2d96ee12

SHA1
f27f48c91f7d42f8a37d45127b2c3e3f910cfbd5

SHA256
d4e29e56d5f6bc44acb561596a205677f85a0c4aa0398d3fc6931fbea3e167c6

SHA512
8e9662631193b40d43e4324ac5031a3ff3f8cad2226cb4fe28ae12857832fb9e830e1d71e1de843041161804a6ba8dc4c921a6ab5d5a45bc503841e4b4023e36

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
119KB

MD5
e716c0c0aa52404466b350c0cdc2539a

SHA1
ebab3b2e37b8b3a9a36d90bd2fe595924883819e

SHA256
765f43d4c400ddbbaa1bb56dd3f6c0ee3c30600ac079037851842d3a6722e784

SHA512
e892e9ab1155d26e5dc41b17aa488b892e6512d890815b89b6db497fccf477d4c4c6cfb7a35021ef2cbe4a65a1150674779bdbb2b798c3eaa3c7a5c9540e598d

Download Submit